CVE-2022-26309
- EPSS 0.19%
- Published 01.08.2022 13:15:10
- Last modified 21.11.2024 06:53:43
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
CVE-2022-26308
- EPSS 0.25%
- Published 01.08.2022 13:15:10
- Last modified 21.11.2024 06:53:43
Pandora FMS v7.0NG.760 and below allows improper access control in Configuration (Credential store), where a user with the role of Operator (Write) could create, delete, and view existing keys, which is outside the intended role.
CVE-2022-1648
- EPSS 2.8%
- Published 26.07.2022 15:15:10
- Last modified 21.11.2024 06:41:10
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote C...
CVE-2022-2059
- EPSS 0.62%
- Published 25.07.2022 18:22:52
- Last modified 21.11.2024 07:00:15
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored Cross-Site Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in to the system.
CVE-2022-2032
- EPSS 0.62%
- Published 25.07.2022 18:22:51
- Last modified 21.11.2024 07:00:12
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to stored Cross-Site Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in to the system.
CVE-2022-0507
- EPSS 0.17%
- Published 10.03.2022 17:44:56
- Last modified 21.11.2024 06:38:48
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.
CVE-2021-35501
- EPSS 0.38%
- Published 25.06.2021 16:15:17
- Last modified 21.11.2024 06:12:23
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
CVE-2021-34074
- EPSS 5.24%
- Published 25.06.2021 16:15:17
- Last modified 21.11.2024 06:09:52
PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
- EPSS 4.86%
- Published 13.07.2020 15:15:14
- Last modified 21.11.2024 04:58:32
Pandora FMS 7.0 NG <= 746 suffers from multiple XSS vulnerabilities in different browser views. A network administrator scanning an SNMP device can trigger a Cross-Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as ro...
- EPSS 37.45%
- Published 11.06.2020 03:15:10
- Last modified 21.11.2024 05:02:00
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.